
Introduction to Session Hijacking Exploitation


  • by Anand V
  • 12th Feb, 2021
  • Last updated on 10th Mar, 2021

This article covers session hijacking and how it is exploited. You will learn about session management and its applications, and about the common ways session tokens are compromised. You will also learn how the key methods of session hijacking help a hacker penetrate a session, what the differences are between session hijacking, session fixation and session spoofing, and what attackers do after a successful hijack. Finally, you will learn how session hijacking can be prevented.

Introduction to session management

Session management is the set of rules that governs how a user interacts with a web application. HTTP is the communication protocol that websites and browsers use to interact and share data. A session is a continuous series of HTTP requests and transactions that belong to the same user.

HTTP is a stateless protocol. Each request and response pair is completely independent of other similar web interactions, so the current command does not depend on the previous one. This is why we need session management, which primarily ties together authentication and access control, both of which are enabled in web applications.

There are primarily the following types of session management:

  • Cookie
  • URL Rewriting

They can be used separately or together. The best use case is tracking the number of unique visitors to a website.

Introduction to session hijacking and cookies

Session hijacking is an attack on a user session by a hacker. A session is live while we are logged in to a service, for example when we log in to a banking web application to make a financial transaction. Session hijacking is also known as cookie hijacking or cookie side jacking. The more accurate the information a hacker has about our sessions, the more precise the attack. Session hijacking is common against browser sessions and web applications.

[Figure: Session Hijacking Workflow]

Common ways of hacking session tokens

A session token can be compromised in the following ways:

Predictable Session Token

  • The session ID should be unpredictable, both in the browser and in the web application.
  • The session token should not be something the hacker can easily recognize.
  • Session keys should not be short.

Session Sniffing

  • The attacker uses a sniffer to capture a valid session ID.
  • The hacker then gets unauthorized access to the web server.

Client-Side Attacks (XSS, Malicious JavaScript Code, Trojans)

  • The hacker hijacks the session ID using malicious code or programs running on the client side.
  • Cross-site scripting is a very common way to steal the session token.
  • It can be done with malicious JavaScript code.

Man in the Middle attack

  • The hacker intercepts the communication between two systems.
  • The hacker can split the original TCP connection into two new connections: one between the client and the hacker, and another between the hacker and the server.
  • The hacker acts like a proxy server and is able to read, modify or edit the data.

Man in the Browser Attack

  • Very similar to the Man in the Middle attack.
  • A Trojan horse is used to intercept.
  • Manipulation is done between the browser and the application.

Key methods of session hijacking

There are five key methods of Session hijacking:

  1. Session Fixation
  2. Session Side Jacking
  3. Cross Site Scripting
  4. Malware
  5. Brute Force

Session Fixation

  • The hacker or attacker already has information about the session ID of the user.
  • The hacker would have sent an email containing the session ID.
  • The attacker has to wait for the user to log in.
  • The hacker sends the user a crafted login form that contains a hidden field with the fixed session ID.

Session Side Jacking

  • The hacker uses packet sniffing to find the network traffic between two parties.
  • The hacker then steals the session cookie.
  • Most attacks happen on unsecured Wi-Fi spots.
  • Even if the websites use SSL, the hacker can easily attack the networks to access the servers and get access to the information or sessions of the users.
  • The Man in the Middle attack is one of the classic use cases for session side jacking.
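
A session cookie that has been stolen and replayed shows up on the server as the same session ID arriving from a different address and browser. The detection sketch below is an added example, not code from the original article; the log format, field names and sample lines are constructed for illustration.

```python
import hashlib
import re

# Constructed access-log lines: documentation IP ranges, made-up session IDs.
SAMPLE_LOG = """\
2021-03-10T10:00:01Z 198.51.100.23 sid=Zk3qT9xLw2 ua="Mozilla/5.0 Firefox/86.0" GET /account
2021-03-10T10:00:05Z 203.0.113.50 sid=Pq8rV1mNc7 ua="Mozilla/5.0 Chrome/89.0" GET /cart
2021-03-10T10:02:10Z 198.51.100.23 sid=Zk3qT9xLw2 ua="Mozilla/5.0 Firefox/86.0" POST /transfer
2021-03-10T10:03:44Z 192.0.2.99 sid=Zk3qT9xLw2 ua="curl/7.68.0" GET /account
2021-03-10T10:04:00Z 203.0.113.51 sid=Pq8rV1mNc7 ua="Mozilla/5.0 Chrome/89.0" GET /checkout
this line is truncated and cannot be parsed
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) ua="(?P<ua>[^"]*)" '
    r'(?P<method>[A-Z]+) (?P<path>\S+)$'
)


def sid_label(sid):
    """Short SHA-256 prefix, so alerts never contain a usable session ID."""
    return hashlib.sha256(sid.encode()).hexdigest()[:12]


def find_suspect_sessions(log_text):
    """Return (alerts, skipped_lines) for one pass over the log."""
    baseline = {}  # sid -> (ip, user agent) seen on the first request
    alerts = []
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        sid, seen = m["sid"], (m["ip"], m["ua"])
        first = baseline.setdefault(sid, seen)
        reasons = []
        if seen[0] != first[0]:
            reasons.append("ip_changed")
        if seen[1] != first[1]:
            reasons.append("ua_changed")
        if reasons:
            alerts.append({
                "ts": m["ts"],
                "session": sid_label(sid),
                "path": m["path"],
                "reasons": reasons,
                # An IP change alone is common on mobile networks; IP and
                # browser changing together is the stronger hijack signal.
                "severity": "high" if len(reasons) == 2 else "review",
            })
    return alerts, skipped


if __name__ == "__main__":
    found, bad = find_suspect_sessions(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("unparsed lines:", bad)
```
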

Cross Site Scripting

  • The attacker sends the user code that runs and obtains a copy of the cookie.
  • To the user, it seems trustworthy because it appears to be the server's information.
  • Typically, the hacker uses a client-side script, such as JavaScript.
  • This code makes the browser execute arbitrary code and provides the information needed for session hijacking.
  • Types: Reflected XSS, Stored XSS, DOM-based XSS

Malware

  • Unwanted programs steal the browser cookie files.
  • This is performed without the user's knowledge to obtain the file or memory contents of the user’s computer or the server.
  • The hacker creates temporary local storage in the client browser, called a cookie jar.

Brute Force

  • The hacker uses key generation algorithms to get the session ID.
  • The algorithm recognizes sequential keys.
  • It makes maximum use of predictable sessions to access the user's active session.
  • Entropy is compromised using brute force, and the hacker succeeds in stealing the information.
  • Short, predictable session identifiers are what make this attack possible.
  • We can use longer session keys to protect against it.
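
The points about predictable tokens and brute force can be checked against the IDs an application actually issues. The audit below is an added example, not code from the original article; the sample IDs are constructed and the 64-bit threshold is an assumed policy value.

```python
import math
import secrets
import string

# Constructed samples of IDs a weak application might issue.
SEQUENTIAL_IDS = ["1000451", "1000452", "1000453", "1000454", "1000455"]
SHORT_IDS = ["a9f3", "07bc", "e41d", "5c20", "b7e8"]

MIN_BITS = 64  # assumed policy threshold; set it to your own standard
URLSAFE = string.ascii_letters + string.digits + "-_"


def new_session_id(nbytes=32):
    """ID from the operating system CSPRNG: 32 bytes = 256 random bits."""
    return secrets.token_urlsafe(nbytes)


def alphabet_size(token):
    """Smallest common alphabet that contains every character of the token."""
    if all(c in string.digits for c in token):
        return 10
    if all(c in string.hexdigits for c in token):
        return 16
    if all(c in URLSAFE for c in token):
        return 64
    return 95  # printable ASCII


def max_entropy_bits(token):
    """Upper bound only: a long token from a weak generator still fails."""
    return len(token) * math.log2(alphabet_size(token))


def is_sequential(ids):
    """True when the IDs are numbers that step by one constant increment."""
    if len(ids) < 3 or not all(ids):
        return False
    base = max(alphabet_size(t) for t in ids)
    if base > 16:
        return False
    values = [int(t, base) for t in ids]
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(steps) == 1 and 0 not in steps


def audit(ids, min_bits=MIN_BITS):
    """Return the list of weaknesses found in a sample of issued IDs."""
    findings = []
    if is_sequential(ids):
        findings.append("sequential")
    if min(max_entropy_bits(t) for t in ids) < min_bits:
        findings.append("too_short")
    if len(set(ids)) != len(ids):
        findings.append("reused")
    return findings


def average_guesses(bits):
    """Expected number of guesses to hit one specific ID of that strength."""
    return 2 ** (bits - 1)


if __name__ == "__main__":
    print("sequential sample:", audit(SEQUENTIAL_IDS))
    print("short sample:     ", audit(SHORT_IDS))
    print("CSPRNG sample:    ", audit([new_session_id() for _ in range(5)]))
    print("guesses for a 16-bit ID:", average_guesses(16))
```
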

Exploiting the session hijack vulnerability

Four categories of vulnerabilities are exploited for session hijacking:

XSS Vulnerabilities

  • Client-side scripts are injected
  • JavaScript is embedded
  • A faulty page is created and the hacker attacks

Session Side Jacking Vulnerabilities

  • Packet sniffers are used to attack
  • E.g. Man in the Middle attack

Session Fixation Vulnerabilities

  • Mainly done through fake websites
  • The user assumes it is an original link and clicks

Malware Installation Vulnerabilities

  • The hacker sends malicious code to disrupt the application, the networks or the communication
  • The hacker gets access to the applications

Overall, the hacker exploits various vulnerabilities to hijack sessions, making the system highly unstable, and gains unauthorized access. The user is not aware of any of the system changes and assumes that the session is original. The hacker gains control of the data or information through these vulnerabilities.

Difference between session hijacking, session fixation and session spoofing

Goal

  • Session Hijacking: To get unauthorized access to active user session
  • Session Fixation: To get unauthorized access to active user session
  • Session Spoofing: To steal or modify the data

Method

  • Session Hijacking: Through sniffing network traffic
  • Session Fixation: This is an inverted technique to get access through pre-defined session cookie planted in the user browser
  • Session Spoofing: Can be done through fake email, fake website or fake IP address creations

Activity

  • Session Hijacking: Performed on user who is currently logged in and already authenticated
  • Session Fixation: The hacker already knows the session IDs for getting unauthorized access
  • Session Spoofing: Attackers use stolen or counterfeit session tokens to initiate a new session and impersonate the original user, who might not be aware of the attack

What Can Attackers Do After Successful Session Hijacking?

  • The attacker can perform any action that the user was carrying out with their credentials.
  • The hacker can gain access to multiple web applications, from financial systems and customer records to line-of-business systems potentially containing valuable intellectual property.
  • The attacker can use hijacked session cookies to identify authenticated users in single sign-on (SSO) systems.
  • Here are a few examples:
    • Attackers can log into bank accounts for transferring money
    • Hackers can use the access for online shopping
    • Hackers can get access to sensitive data and sell it on the dark web
    • Hackers can demand a ransom from the user in exchange for the data

Prevention of Session hijacking

  • Session hijacking can be prevented by taking preventive measures on the client side.
  • Software updates and endpoint security are key on the user side.
  • Having biometric authentication for every user session can prevent attacks.
  • End-to-end encryption between the user's browser and the web server can be done using secure HTTP or SSL.
  • We can have the session value stored in the session cookie.
  • We can have an automatic log off after the session ends.
  • We can use session ID monitors.
  • VPN use can prevent unauthorized access.
  • A web server that generates long random session cookies can prevent attacks.
  • Usage of session ID monitors enhances security.
  • Deleting the session cookie from the server and the user's computer enhances security.
  • Having a different HTTP header order for different sessions is a good precaution.
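
Several of these measures can be enforced in the server's own session handling. The sketch below is an added example, not code from the original article: it issues long random IDs, replaces the ID at login so that a planted (fixed) ID stops working, logs idle sessions off, and sets cookie flags that keep the cookie off plain HTTP and away from page scripts. The class name, cookie name and 15-minute timeout are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "__Host-sid"  # assumed name; the __Host- prefix needs Secure and Path=/
IDLE_TIMEOUT = 15 * 60      # assumed policy: log off after 15 idle minutes


class SessionStore:
    """In-memory store for illustration; production would use a shared backend."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self.sessions = {}
        self.idle_timeout = idle_timeout
        self.clock = clock

    def issue(self, user=None):
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self.sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def get(self, sid):
        """Return the live session record, or None if unknown or idle too long."""
        record = self.sessions.get(sid)
        if record is None:
            return None
        now = self.clock()
        if now - record["last_seen"] > self.idle_timeout:
            del self.sessions[sid]  # automatic log off
            return None
        record["last_seen"] = now
        return record

    def start_anonymous(self, presented_sid=None):
        """Honour only IDs this server issued; anything else gets a fresh ID."""
        if self.get(presented_sid) is not None:
            return presented_sid
        return self.issue()

    def login(self, presented_sid, user):
        """Rotate the ID at login: whatever ID was used before login dies here."""
        self.sessions.pop(presented_sid, None)
        return self.issue(user)

    def user_for(self, sid):
        record = self.get(sid)
        return record["user"] if record else None

    def logout(self, sid):
        self.sessions.pop(sid, None)


def cookie_header(sid, delete=False):
    """Build the Set-Cookie value; delete=True expires the cookie in the browser."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = "deleted" if delete else sid
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["secure"] = True      # sent over HTTPS only
    morsel["httponly"] = True    # not readable by page scripts
    morsel["samesite"] = "Strict"
    if delete:
        morsel["max-age"] = 0
    return morsel.OutputString()


if __name__ == "__main__":
    store = SessionStore()
    planted = store.start_anonymous()         # ID known before login
    fresh = store.login(planted, "alice")     # victim logs in with that ID
    print("planted ID still valid:", store.user_for(planted) is not None)
    print("Set-Cookie:", cookie_header(fresh))
```
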

Conclusion

In this article we have covered the key concepts of session hijacking and the ways in which it can be performed by a hacker. We have discussed the methods hackers or attackers use for unauthorized access, including the techniques used for injecting vulnerabilities. We have understood the concepts of session spoofing and session fixation. We learnt the various activities that a hacker can perform after getting control of the user session, and finally touched upon how to prevent session hijacking.

Anand V

Blog Author

Anand V is an independent consultant with more than 23 years of experience. He is currently working in the areas of Artificial Intelligence, Cybersecurity, Blockchain and IoT.
